Abstract: Data aggregation includes receiving, from an electronic device, a plurality of sensor data packets, wherein the plurality of sensor data packets are received from at least one sensor of the electronic device, and wherein each of the plurality of sensor data packets comprise a tag identifying a classification of the sensor data in the sensor data packet, applying a user-specific policy to the plurality of sensor data packets, aggregating the plurality of sensor data packets based on the user-specific policy to obtain aggregated sensor data, and transmitting the aggregated sensor data to a service broker.
Type:
Grant
Filed:
December 23, 2015
Date of Patent:
November 13, 2018
Assignee:
MCAFEE, LLC
Inventors:
Ratinder Ahuja, Dmitri Rubakha, Philip B. Tricca, Samir Shah
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to monitor activities of objects in a system, compare the monitored activities to metadata for the system, and identify low prevalence outliers to detect potentially malicious activity. The monitored activities can include an analysis of metadata of the objects in the system to identify polymorphic threats, an object reuse analysis of the system to detect an object reusing metadata from another object, and a filename analysis of the system.
Abstract: A technique allows associating host applications and user agents in network traffic and detecting possible malware without relying on signatures of the user agents. A database of host applications and user agents is maintained, allowing automatic update of the database when a new application or new application to user agent mapping is discovered. Partial matches may be made when a change is made to the application, allowing learning the new mapping automatically. If an application is associated with more than a threshold number of user agents, an indication may be generated that the application is suspicious and possibly malware.
Abstract: Technologies for securing an electronic device may include determining a plurality of rules, monitoring execution of the electronic device, generating a notification that one of the operations has occurred based upon the rules, and, based on the notification and the pattern of the operations, determining whether the operations are indicative of malware. The rules may include an identification of a plurality of entities of the electronic device to be monitored, an identification of one or more operations between the entities to be monitored, and an identification of a pattern of the operations to be monitored.
Abstract: Code of a particular application is analyzed against a semantic model of a software development kit of a particular platform. The semantic model associates a plurality of application behaviors with respective application programming interface (API) calls of the particular platform. A set of behaviors of the particular application is identified based on the analysis of the code and a particular one of the set of behaviors is identified as an undesired behavior. The particular application can be automatically modified to remediate the undesired behavior. The particular application can be assigned to one of a plurality of device modes, and access to the particular application on a user device can be based on which of the plurality of device modes is active on the user device.
Abstract: Various embodiments are generally directed to techniques for monitoring the integrity of an operating system (OS) security routine that checks the integrity of an OS and/or one or more application routines. An apparatus may include a first processor component to execute an operating system (OS) in a first operating environment within a processing device and to execute an OS security routine to recurringly verify an integrity of the OS; a challenge component within a second operating environment within the processing device that is isolated from the first operating environment to recurringly challenge the OS security routine to provide a measure of itself; and a response component within the second operating environment to analyze each measure provided by the OS security routine and an elapsed time to receive each measure from the OS security routine to verify an integrity of the OS security routine.
Type:
Grant
Filed:
December 24, 2015
Date of Patent:
October 30, 2018
Assignee:
McAfee, LLC
Inventors:
Mingqiu Sun, Rajesh Poornachandran, Ned M. Smith, Vincent J. Zimmer, Sven Schrecker, Gopinatth Selvaraje
Abstract: In one embodiment, a system includes: a processor; a security processor to execute in a trusted executed environment (TEE), the security processor to execute memory reference code (MRC) stored in a secure storage of the TEE to train a memory coupled to the processor; and the memory coupled to the processor. Other embodiments are described and claimed.
Type:
Grant
Filed:
March 30, 2016
Date of Patent:
October 30, 2018
Assignee:
MCAFEE, LLC
Inventors:
Atul A. Khare, Karunakara Kotary, Rajesh Poornachandran, Vincent J. Zimmer, Sudeep Das
Abstract: Technologies for securing an electronic device include determining addresses of one or more memory pages, injecting for each memory page a portion of identifier data into the memory page, storing an indication of the identifier data injected into each of the memory pages, determining an attempt to access at least one of the memory pages, determining any of the identifier data present on a memory page associated with the attempt, comparing the indication of the identifier data with the determined identifier data present on the memory page, and, based on the comparison, determining whether to allow the access.
Abstract: The invention enables a client device that does not support IEEE 802.1X authentication to access at least some resources provided through a switch that supports 802.1X authentication by using dynamic authentication with different protocols. When the client device attempts to join a network, the switch monitors for an 802.1X authentication message from the client device. In one embodiment, if the client fails to send an 802.1X authentication message, respond to an 802.1X request from the switch, or a predefined failure condition is detected the client may be deemed incapable of supporting 802.1X authentication. In one embodiment, the client may be initially placed on a quarantine VLAN after determination that the client fails to perform an 802.1X authentication within a backoff time limit. However, the client may still gain access to resources based on various non-802.1X authentication mechanisms, including name/passwords, digital certificates, or the like.
Type:
Grant
Filed:
June 17, 2016
Date of Patent:
October 23, 2018
Assignee:
McAfee, LLC
Inventors:
Alexandru Z. Vank, Xin Shen, Matt B. Cobb, Brad Robel-Forrest, Evan M. Phoenix
Abstract: A method is provided in one example embodiment and includes receiving a traffic flow at a tamper resistant environment from an application, where the tamper resistant environment is separated from a host operating system. The method also includes applying a security token to the traffic flow and sending the traffic flow to a server. In specific embodiments, a security module may add information about the application to traffic flow. A trapping module may monitor for a memory condition and identify the memory condition. The trapping module may also, responsive to identifying the memory condition, initiate a virtual environment for the application, and check the integrity of the traffic flow.
Type:
Grant
Filed:
January 6, 2017
Date of Patent:
October 16, 2018
Assignee:
McAfee, LLC
Inventors:
Steve Grobman, Raj Samani, Ofir Arkin, Sven Schrecker
Abstract: System calls to a kernel of a mobile computing device are monitored. A particular system call is intercepted relating to input/output (I/O) functionality of the mobile computing device. A data loss prevention (DLP) policy is identified that is applicable to the particular system call. An action is performed on the particular system call based at least in part on the DLP policy.
Abstract: The present invention gives the methods and processes for automatically servicing user driven requests to find place-holder fields, fill them in with relevant data in a secure manner and securely communicating the data related thereto to the appropriate Android™ device and/or application. More particularly, it relates to the methods and processes for authenticated users to automatically obtain and use the correct filled-in data that allows them to access or use any of a multiple number of Android™ applications and/or services at any time.
Abstract: A geo-location provider station signs geo-location data and a previous signature provided by a mobile device, returning a new signature to the mobile device. The mobile device uses the new signature when requesting a signature from another geo-location provider station. The mobile device stores the geo-location data and the signatures provided by geo-location provider stations. The stored geo-location data may be verified upon request by using the stored signature data.
Type:
Grant
Filed:
March 31, 2014
Date of Patent:
October 9, 2018
Assignee:
McAfee, LLC
Inventors:
Igor Muttik, Simon Crowe, Joel Silber, Stephen Pearce, Stephen Hearnden
Abstract: Embodiments of the present disclosure are directed to updating categorization of online content. An analytics engine implemented at least partially in hardware can receive an engagement indicator across a network interface; identify a type of the engagement indicator, the type of the engagement indicator comprising one of a positive engagement indicator or a negative engagement indicator; and update the reputation data stored in memory based on the type of the engagement indicator. A safe harbor time window is described during which user activity with online content is not reported to system administrators.
Abstract: A technique allows a user client to receive a software product from a server. The user client may determine if the software product includes other potentially unwanted programs by reading one or more graphical user interface instances that are created during installation of the software product. The graphical user interface instances are read to identify information related to software identifiers of the software product and of potentially unwanted programs. A signature file may be received from a third-party server. The software identifiers of the software product and potentially unwanted programs can be checked against the signature file during installation of the software product in order to identify the presence of potentially unwanted programs that may be bundled with software product.
Type:
Grant
Filed:
May 6, 2015
Date of Patent:
October 2, 2018
Assignee:
MCAFEE, LLC
Inventors:
Babu Nath Giri, Prashanth P. Ramagopal, Vinoo Thomas
Abstract: A domain identifier of a first domain of a plurality of domains is identified, the domain identifier included in a domain certificate received from the first domain. A first permanent hardware identifier set as a fuse key value embedded in hardware of the device during fabrication is identified. A plurality of unique second private hardware identifiers stored in the secured memory are identified. A plurality of hardware-based root identifiers are derived from the plurality of unique second private hardware identifiers respectively. A plurality of secure identifiers for the respective plurality of unique second private hardware identifiers are derived for a pairing of the device and the first domain based on the plurality of root identifiers respectively and the domain identifier. A secure identifier of the plurality of secure identifiers is caused to be sent over a secured channel to a domain computing device associated with the first domain.
Type:
Grant
Filed:
February 14, 2018
Date of Patent:
September 25, 2018
Assignee:
McAfee, LLC
Inventors:
Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker, Ned McArthur Smith
Abstract: An executable file is loaded into memory. The executable file is analyzed to determine whether one or more dynamically linked libraries are referenced in an import table of the file. It can then be determined whether one or more dynamically linked libraries is adapted to contact a network.
Abstract: In an example, there is disclosed a computing apparatus having one or more logic elements providing a security agent operable for: detecting that a first process has launched a second process and placed the second process in a suspended state; detecting that the first process has modified or attempted to modify the second process; classifying the modification as potentially malicious; and taking a remedial action. There is also disclosed one or more computer-readable storage mediums having stored thereon executable instructions for providing the security agent, and a computer-executable method of providing the security agent.
Type:
Grant
Filed:
June 27, 2015
Date of Patent:
September 25, 2018
Assignee:
McAfee, LLC
Inventors:
Aditya Kapoor, Joel R. Spurlock, Jonathan L. Edwards
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to acquire a plurality of reputations related to an object and combine the plurality of reputations to create a total reputation for the object. The object can include a plurality of sub-objects and each of the plurality of reputations can correspond to one of the sub-objects.
Abstract: Technologies for securing communication may include monitoring a secured network connection between a client and a server. The secured network connection may be secured using a symmetric cryptographic key. The technologies may also include detecting a transmission of secured information between the client and the server, copying the transmission, forwarding the transmission to an intended recipient, decrypting the transmission using the symmetric cryptographic key, and determining whether the transmission is indicative of malware.